From owner-freebsd-ports@FreeBSD.ORG Tue Jan 8 20:22:40 2013
Message-ID: <50EC8004.4020106@marino.st>
Date: Tue, 08 Jan 2013 21:22:28 +0100
From: John Marino
To: Raphael Kubo da Costa
Cc: freebsd-ports@freebsd.org
Subject: Re: Why delete KDE3 ports?
References: <50EADA33.9010308@aldan.algebra.com> <50EB16B2.4070502@FreeBSD.org> <50EB1991.8010400@marino.st> <87txqro2jw.fsf@FreeBSD.org>
In-Reply-To: <87txqro2jw.fsf@FreeBSD.org>
List-Id: Porting software to FreeBSD

On 1/8/2013 21:14, Raphael Kubo da Costa wrote:
> Adam Vande More writes:
>
>> On Mon, Jan 7, 2013 at 12:53 PM, John Marino wrote:
>>> "possibly insecure": I think this needs to be "known insecure" rather
>>> than holding its last release date against it.
>>
>> http://www.kde.org/info/security/advisory-20100413-1.txt
>>
>> Probably other security issues as well. I didn't have to look very long.
>> In a codebase as large as KDE's, it seems a very slim chance indeed years
>> could go by without maintenance and still maintain security.
>
> Additionally, I'd argue that it is hard for it to be "known insecure"
> since upstream does not maintain it even for security vulnerabilities
> anymore, so security problems have nowhere to be reported and
> vulnerabilities common to KDE3 and KDE4 only get published and fixed in
> the latter.

This doesn't count?
http://cve.mitre.org/cve/
http://web.nvd.nist.gov/view/vuln/search?execution=e2s1

It seems to me there is somewhere to report them...